Mac users fall victim to a Trojan spread via the HandBrake video converter
08.05.2017 apleapplekot
Malicious code has been detected in the distribution of the popular video converter HandBrake for Mac. As the investigation showed, hackers broke into the developer's website and replaced the safe file with an infected one.
HandBrake was created as a tool for cloning DVDs, but then turned into a universal video converter. It now converts almost any video into the desired format. It is flawless, reliable, easy to use and, most importantly, absolutely free. In December last year, HandBrake came out of beta after 13 years.
The malicious code in the distribution was found by the HandBrake developers. They notified users, then removed the malicious file and began an investigation.
The developers stated that the HandBrake installation file on one of the mirrors had been replaced with a variant of the OSX.PROTON Trojan. This malware steals passwords from the macOS Keychain and gives an attacker access to the compromised system. “Anyone who downloaded HandBrake for Mac between May 2 and May 6 has a 50% chance of having installed the infected version of the program,” the developers warn.
The malicious code appeared in the HandBrake distribution last week. The developers do not know how many copies were downloaded. They strongly recommend that everyone who downloaded the program between May 2 and May 6 check the system with antivirus software. The presence of the malware is indicated by a process named Activity_agent in Activity Monitor.
To remove the Trojan, run the following Terminal commands:
- launchctl unload ~/Library/LaunchAgents/fr.handbrake.activity_agent.plist
- rm -rf ~/Library/RenderFiles/activity_agent.app
- if ~/Library/VideoFrameworks/ contains proton.zip, remove the folder
Then remove the HandBrake.app file from the system.
Note that in March last year, malicious code of the OSX.KeRanger ransomware was detected in the Transmission distribution. It was introduced into the app by attackers after the developers released an update to the torrent client for the first time in two years.
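A read-only check for the indicators listed above, as an added example that is not from the HandBrake developers. The function names `proton_scan` and `proton_process_running`, the `--scan` argument and the output format are assumptions of this example.

```shell
#!/bin/sh
# Read-only check for the OSX.PROTON indicators listed in the article.
# Nothing is deleted here; removal stays a manual step.
# Function names, the --scan argument and the output format are
# assumptions of this example.

# proton_scan HOME_DIR
# Prints one "FOUND: <path>" line per indicator present under HOME_DIR.
# Returns 1 if at least one indicator exists, 0 if none do.
proton_scan() {
    home_dir=$1
    found=0
    for ioc in \
        "$home_dir/Library/LaunchAgents/fr.handbrake.activity_agent.plist" \
        "$home_dir/Library/RenderFiles/activity_agent.app" \
        "$home_dir/Library/VideoFrameworks/proton.zip"
    do
        # -e matches files and directories (.app bundles are directories)
        if [ -e "$ioc" ]; then
            echo "FOUND: $ioc"
            found=1
        fi
    done
    return "$found"
}

# proton_process_running
# Returns 0 if a process named activity_agent is running. The match is
# case-insensitive because the article spells it "Activity_agent".
proton_process_running() {
    pgrep -i -x activity_agent >/dev/null 2>&1
}

# Scan the current user's home only when asked to: sh check.sh --scan
if [ "${1:-}" = "--scan" ]; then
    if proton_process_running; then
        echo "FOUND: running process activity_agent"
    fi
    if proton_scan "$HOME"; then
        echo "No file indicators found under $HOME"
    fi
fi
```

A clean result from this check does not replace the antivirus scan the developers recommend, since it only looks for the paths and process name given in this article.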